On Fri, Nov 29, 2013 at 03:08:44PM +0100, Fred van Zwieten wrote: > Jakub, > > Yes, I could do this. But then the local root account cannot su to local > users (without password). But that is actually a normal use-case. I just > think local root should not be allowed to transition to a domain user, by > default. > > Fred
Ah, in that case I'm not sure if there's an easy solution, at least I don't know any off hand. I think Alexander is right that SELinux would be a good choice. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users